Cyber Risk: Everyone Has a Stake

Recent cyber-attacks have raised awareness that cyber is a critical risk for every organization, with the potential for significant financial impact and operational disruption. Cyber risk is a strategic risk that should be managed at the enterprise level – not delegated to IT. Everyone — from individual employees to risk managers to your board of directors — has a stake in managing cyber risk. That’s why Marsh takes a comprehensive approach to cyber risk, helping clients understand, measure, and manage cyber risk by providing tailored, market-leading solutions that integrate risk advisory and risk transfer services.

Q&A WITH MARSH'S BOB PARISI

1. How should senior management view cyber risk?

Cyber risk has become an enterprise-wide concern for businesses and a key economic risk. Gone are the days when only IT was involved in preventing and defending against a cyber event. Today, senior management needs to look at cyber risk not as a problem to be solved but as a risk to be managed.

2. What do corporate boards think of cybersecurity?

Boards of directors expect and demand regular updates on an organization’s cybersecurity. Concerns extend beyond forensic expenses and settlements. Lost revenue, intellectual property, business relationships, employee morale, and customer confidence are all potentially at stake. No board can afford to be caught without a plan for cyber breach/attack.

3. What role should analytics play in preventing cyber events?

Analytics are crucial in determining how susceptible an organization may be to a cyber incident and in helping organization determine necessary insurance limits. Services such as Marsh’s proprietary Cyber IDEAL model, which identifies damages, evaluates, and assesses limits, helps provide a range of potential outcomes and costs associated with a breach.

4. What do the insurance markets for cyber risk look like?

The dedicated cyber market consists of dozens of underwriters with available aggregate capacity approaching $1 billion, depending on industry sector. Companies generally purchased higher limits in 2015, with average limits of $16.9 million for companies of all sizes, up from $14.7 million in 2014. In addition to coverages like privacy liability, business interruption, regulatory investigations, and crisis management, cyber underwriters often offer loss control services at no extra charge. Additional protections like Marsh’s Cyber ECHO provide access to more insurance capacity.

5. In 2016, Marsh received the Advisen Cyber Risk Award for risk broking team of the year. This is the third consecutive year that Marsh has won the award. How does the team remain an industry leader in the cyber market?

Marsh’s Cyber Practice offers unparalleled resources in cyber advisory and risk transfer solutions. With industry know-how spanning decades, our practice helps clients effectively assess, manage, and respond to cyber threats and events. We provide advisory services across diverse areas of cybersecurity and, in collaboration with Marsh Global Analytics, brought a suite of analytical solutions to market. In short, we’ve been a leader in combating cyber threats since their emergence, and we’re committed to helping organizations develop holistic strategies across the entire enterprise to manage this risk.